APPENDIX A

Card Class File Format For Preferred Embodiment

Introduction 

The card class file is a compressed form of the original class file(s). The card class file contains only the 
semantic information required to interpret Java programs from the original class files. The indirect 
references in the original class file are replaced with direct references resulting in a compact representation. 
The card class file format is based on the following principles: 

1. Stay close to the standard class file format: The card class file format should remain as close to the
standard class file format as possible. The Java byte codes in the class file remain unaltered. Not
altering the byte codes ensures that the structural and static constraints on them remain verifiably intact.

2. Ease of implementation: The card class file format should be simple enough to appeal to Java Virtual
Machine implementers. It must allow for different yet behaviorally equivalent implementations.

3. Feasibility: The card class file format must be compact in order to accommodate smart card
technology. It must meet the constraints of today's technology while not losing sight of tomorrow's
innovations.

This document is based on Chapter 4, "The class file format", in the book titled "The Java™ Virtual
Machine Specification" [1], henceforth referred to as the Red book. Since the document is based on the
standard class file format described in the Red book, we only present information that is different. The Red
book serves as the final authority for any clarification.

The primary changes from the standard class file format are: 

• The constant pool is optimized to contain only 16-bit identifiers and, where possible, indirection is 
replaced by a direct reference. 

• Attributes in the original class file are eliminated or regrouped. 

The Java Card class File Format 

This section describes the Java Card class file format. Each card class file contains one or many Java types, 
where a type may be a class or an interface. 

A card class file consists of a stream of 8-bit bytes. All 16-bit, 32-bit, and 64-bit quantities are constructed 
by reading in two, four, and eight consecutive 8-bit bytes, respectively. Multi-byte data items are always 
stored in big-endian order, where the high bytes come first. In Java, this format is supported by interfaces 
java.io.DataInput and java.io.DataOutput and classes such as java.io.DataInputStream and
java.io.DataOutputStream.

We define and use the same set of data types representing Java class file data: The types u1, u2, and u4
represent an unsigned one-, two-, or four-byte quantity, respectively. In Java, these types may be read by
methods such as readUnsignedByte, readUnsignedShort, and readInt of the interface java.io.DataInput.

The card class file format is presented using pseudo-structures written in a C-like structure notation. To
avoid confusion with the fields of Java Card Virtual Machine classes and class instances, the contents of the
structures describing the card class file format are referred to as items. Unlike the fields of a C structure,
successive items are stored in the card class file sequentially, without padding or alignment.

Variable-sized tables, consisting of variable-sized items, are used in several class file structures. Although
we will use C-like array syntax to refer to table items, the fact that tables are streams of varying-sized
structures means that it is not possible to directly translate a table index into a byte offset into the table.
Where we refer to a data structure as an array, it is literally an array.

In order to distinguish between the card class file structure and the standard class file structure, we add
capitalization; for example, we rename field_info in the original class file to FieldInfo in the card class file.



Card Class File 



A card class file contains a single CardClassFile structure:
CardClassFile {
    u1 major_version;
    u1 minor_version;
    u2 name_index;
    u2 const_size;
    u2 max_class;
    CpInfo constant_pool[const_size];
    ClassInfo class[max_class];
}

The items in the CardClassFile structure are as follows:

minor_version, major_version

The values of the minor_version and major_version items are the minor and major version numbers of the
off-card Java Card Virtual Machine that produced this card class file. An implementation of the Java Card
Virtual Machine normally supports card class files having a given major version number and minor version
numbers 0 through some particular minor_version.

Only the Java Card Forum may define the meaning of card class file version numbers.

name_index

The value of the name_index item must represent a valid Java class name. The Java class name represented
by name_index must be exactly the same Java class name that corresponds to the main application that is to
run in the card. A card class file contains several classes or interfaces that constitute the application that
runs in the card. Since Java allows each class to contain a main method, there must be a way to distinguish
the class file containing the main method which corresponds to the card application.

const_size

The value of const_size gives the number of entries in the card class file constant pool. A constant_pool
index is considered valid if it is greater than or equal to zero and less than const_size.

max_class

This value refers to the number of classes present in the card class file. Since the name resolution and
linking in the Java Card are done by the off-card Java Virtual Machine, all the class files or classes required
for an application are placed together in one card class file.

constant_pool[]

The constant_pool is a table of variable-length structures (0) representing various string constants, class
names, field names, and other constants that are referred to within the CardClassFile structure and its
substructures.

The first entry in the card class file is constant_pool[0].

Each of the constant_pool table entries at indices 0 through const_size is a variable-length structure (0).

class[]

The class is a table of max_class classes that constitute the application loaded onto the card.

Constant Pool 

All constant_pool table entries have the following general format:
CpInfo {
    u1 tag;
    u1 info[];
}

Each item in the constant_pool table must begin with a 1-byte tag indicating the kind of cp_info entry. The
contents of the info array vary with the value of tag. The valid tags and their values are the same as those
specified in the Red book.

Each tag byte must be followed by two or more bytes giving information about the specific constant. The
format of the additional information varies with the tag value. Currently the only tags that need to be
included are CONSTANT_Class, CONSTANT_FieldRef, CONSTANT_MethodRef and
CONSTANT_InterfaceRef. Support for other tags will be added as they are included in the specification.

CONSTANT_Class

The CONSTANT_Class_info structure is used to represent a class or an interface:
CONSTANT_ClassInfo {
    u1 tag;
    u2 name_index;
}

The items of the CONSTANT_Class_info structure are the following:

tag

The tag item has the value CONSTANT_Class (7).

name_index

The value of the name_index item must represent a valid Java class name. The Java class name represented
by name_index must be exactly the same Java class name that is described by the corresponding
CONSTANT_Class entry in the constant_pool of the original class file.

CONSTANT_Fieldref, CONSTANT_Methodref, and CONSTANT_InterfaceMethodref

Fields, methods, and interface methods are represented by similar structures:
CONSTANT_FieldrefInfo {
    u1 tag;
    u2 class_index;
    u2 name_sig_index;
}

CONSTANT_MethodrefInfo {
    u1 tag;
    u2 class_index;
    u2 name_sig_index;
}

CONSTANT_InterfaceMethodrefInfo {
    u1 tag;
    u2 class_index;
    u2 name_sig_index;
}

The items of these structures are as follows:

tag

The tag item of a CONSTANT_FieldrefInfo structure has the value CONSTANT_Fieldref (9).

The tag item of a CONSTANT_MethodrefInfo structure has the value CONSTANT_Methodref (10).

The tag item of a CONSTANT_InterfaceMethodrefInfo structure has the value
CONSTANT_InterfaceMethodref (11).

class_index

The value of the class_index item must represent a valid Java class or interface name. The name represented
by class_index must be exactly the same name that is described by the corresponding
CONSTANT_Class_info entry in the constant_pool of the original class file.

name_sig_index

The value of the name_sig_index item must represent a valid Java name and type. The name and type
represented by name_sig_index must be exactly the same name and type described by the
CONSTANT_NameAndType_info entry in the constant_pool structure of the original class file.

Class 

Each class is described by a fixed-length ClassInfo structure. The format of this structure is:
ClassInfo {
    u2 name_index;
    u1 max_field;
    u1 max_sfield;
    u1 max_method;
    u1 max_interface;
    u2 superclass;
    u2 access_flags;
    FieldInfo field[max_field+max_sfield];
    InterfaceInfo interface[max_interface];
    MethodInfo method[max_method];
}

The items of the ClassInfo structure are as follows:

name_index

The value of the name_index item must represent a valid Java class name. The Java class name represented
by name_index must be exactly the same Java class name that is described in the corresponding ClassFile
structure of the original class file.

max_field

The value of the max_field item gives the number of FieldInfo (0) structures in the field table that represent
the instance variables declared by this class or interface type. This value refers to the number of non-static
fields in the card class file. If the class represents an interface, the value of max_field is 0.

max_sfield

The value of the max_sfield item gives the number of FieldInfo structures in the field table that represent
the class variables declared by this class or interface type. This value refers to the number of static
fields in the card class file.

max_method

The value of the max_method item gives the number of MethodInfo (0) structures in the method table.

max_interface

The value of the max_interface item gives the number of direct superinterfaces of this class or interface
type.

superclass

For a class, the value of the superclass item must represent a valid Java class name. The Java class name
represented by superclass must be exactly the same Java class name that is described in the corresponding
ClassFile structure of the original class file. Neither the superclass nor any of its superclasses may be a final
class.

If the value of superclass is 0¹, then this class must represent the class java.lang.Object, the only class or
interface without a superclass.

For an interface, the value of superclass must always represent the Java class java.lang.Object.

access_flags

The value of the access_flags item is a mask of modifiers used with class and interface declarations. The
access_flags modifiers and their values are the same as the access_flags modifiers in the corresponding
ClassFile structure of the original class file.

field[]

Each value in the field table must be a fixed-length FieldInfo (0) structure giving a complete description of
a field in the class or interface type. The field table includes only those fields that are declared by this class
or interface. It does not include items representing fields that are inherited from superclasses or
superinterfaces.

interface[]

Each value in the interface array must represent a valid interface name. The interface name represented by
each entry must be exactly the same interface name that is described in the corresponding interface array of
the original class file.

method[]

Each value in the method table must be a variable-length MethodInfo (0) structure giving a complete
description of and Java Virtual Machine code for a method in the class or interface.
The MethodInfo structures represent all methods, both instance methods and, for classes, class (static)
methods, declared by this class or interface type. The method table only includes those methods that are
explicitly declared by this class. Interfaces have only the single method <clinit>, the interface initialization
method. The methods table does not include items representing methods that are inherited from superclasses
or superinterfaces.

¹ Or a standard yet fixed value.

Fields

Each field is described by a fixed-length field_info structure. The format of this structure is:
FieldInfo {
    u2 name_index;
    u2 signature_index;
    u2 access_flags;
}

The items of the FieldInfo structure are as follows:

name_index

The value of the name_index item must represent a valid Java field name. The Java field name represented
by name_index must be exactly the same Java field name that is described in the corresponding field_info
structure of the original class file.

signature_index

The value of the signature_index item must represent a valid Java field descriptor. The Java field descriptor
represented by signature_index must be exactly the same Java field descriptor that is described in the
corresponding field_info structure of the original class file.

access_flags

The value of the access_flags item is a mask of modifiers used to describe access permission to and
properties of a field. The access_flags modifiers and their values are the same as the access_flags modifiers
in the corresponding field_info structure of the original class file.



Methods

Each method is described by a variable-length MethodInfo structure. The MethodInfo structure is a
variable-length structure that contains the Java Virtual Machine instructions and auxiliary information for a
single Java method, instance initialization method, or class or interface initialization method. The structure
has the following format:
MethodInfo {
    u2 name_index;
    u2 signature_index;
    u1 max_local;
    u1 max_arg;
    u1 max_stack;
    u1 access_flags;
    u2 code_length;
    u2 exception_length;
    u1 code[code_length];
    {   u2 start_pc;
        u2 end_pc;
        u2 handler_pc;
        u2 catch_type;
    } einfo[exception_length];
}

The items of the MethodInfo structure are as follows:

name_index

The value of the name_index item must represent either one of the special internal method names, either
<init> or <clinit>, or a valid Java method name. The Java method name represented by name_index must be
exactly the same Java method name that is described in the corresponding method_info structure of the
original class file.

signature_index

The value of the signature_index item must represent a valid Java method descriptor. The Java method
descriptor represented by signature_index must be exactly the same Java method descriptor that is described
in the corresponding method_info structure of the original class file.

max_local

The value of the max_locals item gives the number of local variables used by this method, excluding the
parameters passed to the method on invocation. The index of the first local variable is 0. The greatest local
variable index for a one-word value is max_locals-1.

max_arg

The value of the max_arg item gives the maximum number of arguments to this method.

max_stack

The value of the max_stack item gives the maximum number of words on the operand stack at any point
during execution of this method.

access_flags

The value of the access_flags item is a mask of modifiers used to describe access permission to and
properties of a method or instance initialization method. The access_flags modifiers and their values are
the same as the access_flags modifiers in the corresponding method_info structure of the original class file.

code_length

The value of the code_length item gives the number of bytes in the code array for this method. The value of
code_length must be greater than zero; the code array must not be empty.

exception_length

The value of the exception_length item gives the number of entries in the exception_info table.

code[]

The code array gives the actual bytes of Java Virtual Machine code that implement the method. When the
code array is read into memory on a byte addressable machine, if the first byte of the array is aligned on a
4-byte boundary, the tableswitch and lookupswitch 32-bit offsets will be 4-byte aligned; refer to the
descriptions of those instructions for more information on the consequences of code array alignment.

The detailed constraints on the contents of the code array are extensive and are the same as described in the
Java Virtual Machine Specification.

einfo[]

Each entry in the einfo array describes one exception handler in the code array. Each einfo entry contains
the following items:

start_pc, end_pc

The values of the two items start_pc and end_pc indicate the ranges in the code array at which the exception
handler is active.

The value of start_pc must be a valid index into the code array of the opcode of an instruction. The value of
end_pc either must be a valid index into the code array of the opcode of an instruction, or must be equal to
code_length, the length of the code array. The value of start_pc must be less than the value of end_pc.
The start_pc is inclusive and end_pc is exclusive; that is, the exception handler must be active while the
program counter is within the interval [start_pc, end_pc).

handler_pc

The value of the handler_pc item indicates the start of the exception handler. The value of the item must be
a valid index into the code array, must be the index of the opcode of an instruction, and must be less than
the value of the code_length item.

catch_type

If the value of the catch_type item is nonzero, it must represent a valid Java class type. The Java class type
represented by catch_type must be exactly the same as the Java class type that is described by the
catch_type in the corresponding method_info structure of the original class file. This class must be the class
Throwable or one of its subclasses. The exception handler will be called only if the thrown exception is an
instance of the given class or one of its subclasses.
If the value of the catch_type item is zero, this exception handler is called for all exceptions. This is used to
implement finally.
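
The MethodInfo layout and the exception-table constraints above, as an added example (not code from the patent): a C routine that reads one MethodInfo from an untrusted byte buffer with bounds checks and enforces the start_pc, end_pc and handler_pc rules. The function names, result codes and sample bytes are assumptions made for the example; checking that each index falls on an opcode boundary needs an instruction-length table and is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example (hypothetical names, not from the patent). */
enum { MI_OK, MI_TRUNCATED, MI_EMPTY_CODE, MI_BAD_RANGE, MI_BAD_HANDLER };

typedef struct {
    unsigned name_index, signature_index;
    unsigned max_local, max_arg, max_stack, access_flags;
    unsigned code_length, exception_length;
    size_t code_off;  /* offset of code[] inside the buffer */
    size_t next_off;  /* offset of the first byte after this MethodInfo */
} MethodInfo;

/* Bounds-checked big-endian cursor over untrusted bytes. */
typedef struct { const uint8_t *p; size_t len, off; int err; } Cursor;

static unsigned get_u1(Cursor *c) {
    if (c->err || c->off >= c->len) { c->err = 1; return 0; }
    return c->p[c->off++];
}

static unsigned get_u2(Cursor *c) {
    unsigned hi = get_u1(c);
    unsigned lo = get_u1(c);
    return (hi << 8) | lo;  /* high byte first */
}

/* Parse the MethodInfo that starts at buf[off]; items are packed, no padding. */
int parse_method_info(const uint8_t *buf, size_t len, size_t off, MethodInfo *m) {
    Cursor c = { buf, len, off, 0 };
    unsigned i;

    m->name_index       = get_u2(&c);
    m->signature_index  = get_u2(&c);
    m->max_local        = get_u1(&c);
    m->max_arg          = get_u1(&c);
    m->max_stack        = get_u1(&c);
    m->access_flags     = get_u1(&c);
    m->code_length      = get_u2(&c);
    m->exception_length = get_u2(&c);
    if (c.err) return MI_TRUNCATED;

    if (m->code_length == 0) return MI_EMPTY_CODE;       /* code must not be empty */
    if (c.len - c.off < m->code_length) return MI_TRUNCATED;
    m->code_off = c.off;
    c.off += m->code_length;

    for (i = 0; i < m->exception_length; i++) {
        unsigned start_pc   = get_u2(&c);
        unsigned end_pc     = get_u2(&c);
        unsigned handler_pc = get_u2(&c);
        (void)get_u2(&c);                                /* catch_type, 0 = all */
        if (c.err) return MI_TRUNCATED;                  /* count exceeds the data */
        /* Handler is active on [start_pc, end_pc); end_pc may equal code_length. */
        if (start_pc >= end_pc || end_pc > m->code_length) return MI_BAD_RANGE;
        if (handler_pc >= m->code_length) return MI_BAD_HANDLER;
    }
    m->next_off = c.off;
    return MI_OK;
}

/* Constructed sample: nop, nop, nop, return (177) with one catch-all handler. */
const uint8_t sample_method[24] = {
    0x40, 0x01, 0x40, 0x04,  /* name_index, signature_index (constructed IDs) */
    0x01, 0x00, 0x02, 0x09,  /* max_local, max_arg, max_stack, access_flags */
    0x00, 0x04, 0x00, 0x01,  /* code_length = 4, exception_length = 1 */
    0x00, 0x00, 0x00, 0xB1,  /* code[] */
    0x00, 0x00, 0x00, 0x03,  /* start_pc = 0, end_pc = 3 */
    0x00, 0x03, 0x00, 0x00   /* handler_pc = 3, catch_type = 0 */
};

/* Parse a copy of the sample with one byte overwritten and the buffer cut to len. */
int parse_patched(size_t pos, uint8_t val, size_t len) {
    uint8_t tmp[sizeof sample_method];
    MethodInfo m;
    memcpy(tmp, sample_method, sizeof tmp);
    tmp[pos] = val;
    return parse_method_info(tmp, len, 0, &m);
}

int main(void) {
    printf("intact sample       -> %d\n", parse_patched(0, 0x40, 24));
    printf("end_pc = 5          -> %d\n", parse_patched(19, 5, 24));
    printf("handler_pc = 4      -> %d\n", parse_patched(21, 4, 24));
    printf("exception_length 2  -> %d\n", parse_patched(11, 2, 24));
    printf("cut after 20 bytes  -> %d\n", parse_patched(0, 0x40, 20));
    return 0;
}
```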

Attributes 

Attributes used in the original class file are either eliminated or regrouped for compaction.
The predefined attributes SourceFile, ConstantValue, Exceptions, LineNumberTable, and
LocalVariableTable may be eliminated without sacrificing any information required for Java byte code
interpretation.

The predefined attribute Code, which contains all the byte codes for a particular method, is moved into the
corresponding MethodInfo structure.

Constraints on Java Card Virtual Machine Code

The Java Card Virtual Machine code for a method, instance initialization method, or class or interface
initialization method is stored in the array code of the MethodInfo structure of a card class file. Both the
static and the structural constraints on this code array are the same as those described in the Red book.

Limitations of the Java Card Virtual Machine and Java Card class File Format

The following limitations in the Java Card Virtual Machine are imposed by this version of the Java Card
Virtual Machine specification:

• The per-card class file constant pool is limited to 65535 entries by the 16-bit const_size field of the
CardClassFile structure (0). This acts as an internal limit on the total complexity of a single card class
file. This count also includes the entries corresponding to the constant pool of the class hierarchy
available to the application in the card.²

• The amount of code per method is limited to 65535 bytes by the sizes of the indices in the MethodInfo
structure.

• The number of local variables in a method is limited to 255 by the size of the max_local item of the
MethodInfo structure (0).

• The number of fields of a class is limited to 510 by the size of the max_field and the max_sfield items
of the ClassInfo structure (0).

• The number of methods of a class is limited to 255 by the size of the max_method item of the ClassInfo
structure (0).

• The size of an operand stack is limited to 255 words by the max_stack field of the MethodInfo structure
(0).

Bibliography

[1] Tim Lindholm and Frank Yellin, The Java Virtual Machine Specification, Addison-Wesley, 1996.

² A single card class file constant pool has 65535-A entries available, where A corresponds to the number of
entries in the constant pool of the class hierarchies accessible to the application.

String To ID Input And Output

For the correct operation of Card JVM it is very important that the declared and generated IDs are correctly 
managed. This management is controlled by the definitions in the string to ID input file String-ID INMap. 
This textual file, the basis for which is shown below, declares which areas of the namespace can be used for 
what purposes. One possible arrangement of this map may reserve some IDs for internal use by the Card 
JVM interpreter, and the rest is allocated to Card JVM applications. 

#
# String-ID INMap file.
#
# 4000 - 7FFF Available for application use.
# F000 - FFFE Reserved for Card JVM's internal use.
#

The area from F000 to FFFF is reserved for
Card JVM's internal use.

F000 - Name of the startup class
(changes for each application)
F001 - Name of the startup method
(may change for each application)
F002
F003
F004
F005
F006
F007
F008
F009
F00A

This area is reserved for simple return types.
FFF0
FFF1
FFF2
FFF3
FFF4
FFF5
FFF6

From here on this space is application dependent.

Essentially, all applications which are to be loaded into a smart card are allocated their own IDs within the
range 0x4000 to 0x7FFF. This space is free for each application since no loaded application is permitted to access
other applications.

Care must be taken in managing the IDs for preloaded class libraries. The management of these IDs is
helped by the (optional) generation of the string to ID output file, String-ID OUTMap. This map is the
String-ID INMap augmented with the new String-ID bindings. These bindings may be produced when the
Card Class File Converter application terminates. The String-ID OUTMap is generated for support
libraries and OS interfaces loaded on the card. This map may be used as the String-ID INMap for smart
card applications using the support libraries and OS interfaces loaded on the card. When building new
applications this file can generally be discarded.

As an example, consider the following Java program, HelloSmartCard.java. When compiled it generates a
class file HelloSmartCard.class. This class file has embedded in it strings that represent the class name,
methods and type information. On the basis of the String-ID INMap described above, Card Class File
Converter generates a card class file that replaces the strings present in the class file with IDs allocated by
Card Class File Converter. Table 1 lists the strings found in the constant pool of HelloSmartCard.class with
their respective Card Class File Converter assigned IDs. Note that some strings (like
"java/lang/Object") have a pre-assigned value (F002) and some strings (like "()V") get a new
value (4004).

public class HelloSmartCard {
    public byte aVariable;

    public static void main() {
        HelloSmartCard h = new HelloSmartCard();
        h.aVariable = (byte) 13;
    }
}

Program: HelloSmartCard.java
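
An added example (not code from the patent) of the ID bookkeeping described above: it loads pre-assigned bindings from a String-ID INMap, rejects IDs that fall outside the two declared areas or are already bound, and gives each new string the next free application ID. The function names, result codes, table size and all sample strings and IDs other than "java/lang/Object" (F002) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APP_LO 0x4000u   /* 4000 - 7FFF: available for application use */
#define APP_HI 0x7FFFu
#define SYS_LO 0xF000u   /* F000 - FFFE: reserved for Card JVM's internal use */
#define SYS_HI 0xFFFEu
#define MAX_BINDINGS 64  /* table size chosen for this example */

enum { ID_OK, ID_OUT_OF_RANGE, ID_DUP_ID, ID_DUP_STRING, ID_FULL };

typedef struct { const char *str; uint16_t id; } Binding;
typedef struct { Binding b[MAX_BINDINGS]; int n; unsigned next_app; } IdMap;

void idmap_init(IdMap *m) { m->n = 0; m->next_app = APP_LO; }

static int id_taken(const IdMap *m, unsigned id) {
    int i;
    for (i = 0; i < m->n; i++)
        if (m->b[i].id == id) return 1;
    return 0;
}

static void bind(IdMap *m, const char *s, unsigned id) {
    m->b[m->n].str = s;
    m->b[m->n].id = (uint16_t)id;
    m->n++;
}

/* Load one INMap binding; refuse IDs outside both areas and any clash. */
int idmap_preassign(IdMap *m, const char *s, unsigned id) {
    int i;
    int in_app = id >= APP_LO && id <= APP_HI;
    int in_sys = id >= SYS_LO && id <= SYS_HI;
    if (!in_app && !in_sys) return ID_OUT_OF_RANGE;
    if (id_taken(m, id)) return ID_DUP_ID;
    for (i = 0; i < m->n; i++)
        if (strcmp(m->b[i].str, s) == 0) return ID_DUP_STRING;
    if (m->n == MAX_BINDINGS) return ID_FULL;
    bind(m, s, id);
    return ID_OK;
}

/* Resolve a constant-pool string: reuse an existing binding, otherwise take
 * the next free application ID. Returns 0 (an ID in neither area) when the
 * application area or the table is exhausted. */
unsigned idmap_resolve(IdMap *m, const char *s) {
    int i;
    for (i = 0; i < m->n; i++)
        if (strcmp(m->b[i].str, s) == 0) return m->b[i].id;
    while (m->next_app <= APP_HI && m->n < MAX_BINDINGS) {
        unsigned id = m->next_app++;
        if (id_taken(m, id)) continue;  /* already claimed by an INMap line */
        bind(m, s, id);
        return id;
    }
    return 0;
}

IdMap demo_map;  /* after resolving, its bindings are what an OUTMap would list */

int main(void) {
    int i;
    idmap_init(&demo_map);
    idmap_preassign(&demo_map, "java/lang/Object", 0xF002); /* from the text */
    idmap_preassign(&demo_map, "lib/Preloaded", 0x4001);    /* constructed */
    idmap_resolve(&demo_map, "HelloSmartCard");
    idmap_resolve(&demo_map, "aVariable");
    for (i = 0; i < demo_map.n; i++)
        printf("%04X %s\n", (unsigned)demo_map.b[i].id, demo_map.b[i].str);
    return 0;
}
```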

Relevant entries of String-ID OUTMap

Byte codes supported by the Card JVM in the preferred embodiment

Standard Java byte codes numbers for the byte codes supported in
preferred embodiment

package util;
/*
 * List of actual Java Bytecodes handled by this JVM
 * ref. Lindholm and Yellin.
 *
 * Copyright (c) 1996 Schlumberger Austin Products Center,
 * Schlumberger, Austin, Texas, USA.
 */

public interface BytecodeDefn {
    public static final byte j_NOP = (byte) 0;
    public static final byte ACONST_NULL = (byte) 1;
    public static final byte ICONST_M1 = (byte) 2;
    public static final byte ICONST_0 = (byte) 3;
    public static final byte ICONST_1 = (byte) 4;
    public static final byte ICONST_2 = (byte) 5;
    public static final byte ICONST_3 = (byte) 6;
    public static final byte ICONST_4 = (byte) 7;
    public static final byte ICONST_5 = (byte) 8;
    public static final byte BIPUSH = (byte) 16;
    public static final byte SIPUSH = (byte) 17;
    public static final byte LDC1 = (byte) 18;
    public static final byte LDC2 = (byte) 19;
    public static final byte ILOAD = (byte) 21;
    public static final byte ALOAD = (byte) 25;
    public static final byte ILOAD_0 = (byte) 26;
    public static final byte ILOAD_1 = (byte) 27;
    public static final byte ILOAD_2 = (byte) 28;
    public static final byte ILOAD_3 = (byte) 29;
    public static final byte ALOAD_0 = (byte) 42;
    public static final byte ALOAD_1 = (byte) 43;
    public static final byte ALOAD_2 = (byte) 44;
    public static final byte ALOAD_3 = (byte) 45;
    public static final byte IALOAD = (byte) 46;
    public static final byte AALOAD = (byte) 50;
    public static final byte BALOAD = (byte) 51;
    public static final byte CALOAD = (byte) 52;
    public static final byte ISTORE = (byte) 54;
    public static final byte ASTORE = (byte) 58;
    public static final byte ISTORE_0 = (byte) 59;
    public static final byte ISTORE_1 = (byte) 60;
    public static final byte ISTORE_2 = (byte) 61;
    public static final byte ISTORE_3 = (byte) 62;
    public static final byte ASTORE_0 = (byte) 75;
    public static final byte ASTORE_1 = (byte) 76;
    public static final byte ASTORE_2 = (byte) 77;
    public static final byte ASTORE_3 = (byte) 78;
    public static final byte IASTORE = (byte) 79;
    public static final byte AASTORE = (byte) 83;
    public static final byte BASTORE = (byte) 84;
    public static final byte CASTORE = (byte) 85;
    public static final byte POP = (byte) 87;
    public static final byte POP2 = (byte) 88;
    public static final byte DUP = (byte) 89;
    public static final byte DUP_X1 = (byte) 90;
    public static final byte DUP_X2 = (byte) 91;
    public static final byte DUP2 = (byte) 92;
    public static final byte DUP2_X1 = (byte) 93;
    public static final byte DUP2_X2 = (byte) 94;
    public static final byte SWAP = (byte) 95;
    public static final byte IADD = (byte) 96;
    public static final byte ISUB = (byte) 100;
    public static final byte IMUL = (byte) 104;
    public static final byte IDIV = (byte) 108;
    public static final byte IREM = (byte) 112;
    public static final byte INEG = (byte) 116;
    public static final byte ISHL = (byte) 120;
    public static final byte ISHR = (byte) 122;
    public static final byte IUSHR = (byte) 124;
    public static final byte IAND = (byte) 126;
    public static final byte IOR = (byte) 128;
    public static final byte IXOR = (byte) 130;
    public static final byte IINC = (byte) 132;
    public static final byte INT2BYTE = (byte) 145;
    public static final byte INT2CHAR = (byte) 146;
    public static final byte INT2SHORT = (byte) 147;
    public static final byte IFEQ = (byte) 153;
    public static final byte IFNE = (byte) 154;
    public static final byte IFLT = (byte) 155;
    public static final byte IFGE = (byte) 156;
    public static final byte IFGT = (byte) 157;
    public static final byte IFLE = (byte) 158;
    public static final byte IF_ICMPEQ = (byte) 159;
    public static final byte IF_ICMPNE = (byte) 160;
    public static final byte IF_ICMPLT = (byte) 161;
    public static final byte IF_ICMPGE = (byte) 162;
    public static final byte IF_ICMPGT = (byte) 163;
    public static final byte IF_ICMPLE = (byte) 164;
    public static final byte IF_ACMPEQ = (byte) 165;
    public static final byte IF_ACMPNE = (byte) 166;
    public static final byte GOTO = (byte) 167;
    public static final byte j_JSR = (byte) 168;
    public static final byte RET = (byte) 169;
    public static final byte TABLESWITCH = (byte) 170;
    public static final byte LOOKUPSWITCH = (byte) 171;
    public static final byte IRETURN = (byte) 172;
    public static final byte ARETURN = (byte) 176;
    public static final byte RETURN = (byte) 177;
    public static final byte GETSTATIC = (byte) 178;
    public static final byte PUTSTATIC = (byte) 179;
    public static final byte GETFIELD = (byte) 180;
    public static final byte PUTFIELD = (byte) 181;
    public static final byte INVOKEVIRTUAL = (byte) 182;
    public static final byte INVOKENONVIRTUAL = (byte) 183;
    public static final byte INVOKESTATIC = (byte) 184;
    public static final byte INVOKEINTERFACE = (byte) 185;
    public static final byte NEW = (byte) 187;
    public static final byte NEWARRAY = (byte) 188;
    public static final byte ARRAYLENGTH = (byte) 190;
    public static final byte ATHROW = (byte) 191;
    public static final byte CHECKCAST = (byte) 192;
    public static final byte INSTANCEOF = (byte) 193;
    public static final byte IFNULL = (byte) 198;
    public static final byte IFNONNULL = (byte) 199;
}

APPENDIX D

Card Class File Converter byte code conversion process 

/*
 * Reprocess code block.
 */
static
void
reprocessMethod(iMethod* imeth)
{
    int pc;
    int npc;
    int align;
    bytecode* code;
    int codelen;
    int i;
    int opad;
    int npad;
    int apc;
    int high;
    int low;

    /* codeinfo is a table that keeps track of the valid Java bytecodes and their
     * corresponding translation
     */

    code = imeth->external->code;
    codelen = imeth->external->code_length;

    jumpPos = 0;
    align = 0;

    /* Scan for unsupported opcodes */
    for (pc = 0; pc < codelen; pc = npc) {
        if (codeinfo[code[pc]].valid == 0) {
            error("Unsupported opcode %d", code[pc]);
        }
        npc = nextPC(pc, code);
    }

    /* Scan for jump instructions and insert into jump table */
    for (pc = 0; pc < codelen; pc = npc) {
        npc = nextPC(pc, code);

        if (codeinfo[code[pc]].valid == 3) {
            /* Branch with a 16-bit offset in the two bytes after the opcode */
            insertJump(pc+1, pc, (int16)((code[pc+1] << 8) | code[pc+2]));
        }
        else if (codeinfo[code[pc]].valid == 4) {
            /* Switch with low and high bounds followed by 4-byte offsets */
            apc = pc & -4;
            low = (code[apc+8] << 24) | (code[apc+9] << 16)
                | (code[apc+10] << 8) | code[apc+11];
            high = (code[apc+12] << 24) | (code[apc+13] << 16)
                | (code[apc+14] << 8) | code[apc+15];
            for (i = 0; i < high-low+1; i++) {
                insertJump(apc+(i*4)+18, pc,
                    (int16)((code[apc+(i*4)+18] << 8) | code[apc+(i*4)+19]));
            }
            insertJump(apc+6, pc, (int16)((code[apc+6] << 8) | code[apc+7]));
        }
        else if (codeinfo[code[pc]].valid == 5) {
            /* Switch with an entry count followed by 8-byte match/offset pairs */
            apc = pc & -4;
            low = (code[apc+8] << 24) | (code[apc+9] << 16)
                | (code[apc+10] << 8) | code[apc+11];
            for (i = 0; i < low; i++) {
                insertJump(apc+(i*8)+18, pc,
                    (int16)((code[apc+(i*8)+18] << 8) | code[apc+(i*8)+19]));
            }
            insertJump(apc+6, pc, (int16)((code[apc+6] << 8) | code[apc+7]));
        }
    }

#ifdef TRANSLATE_BYTECODE
    /* Translate specific opcodes to general ones */
    for (pc = 0; pc < codelen; pc = npc) {
        /* This is a translation code */
        if (codeinfo[code[pc]].valid == 2) {
            switch (code[pc]) {
            case ILOAD_0:
            case ILOAD_1:
            case ILOAD_2:
            case ILOAD_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ILOAD_0;
                code[pc+0] = ILOAD;
                break;

            case ALOAD_0:
            case ALOAD_1:
            case ALOAD_2:
            case ALOAD_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ALOAD_0;
                code[pc+0] = ALOAD;
                break;

            case ISTORE_0:
            case ISTORE_1:
            case ISTORE_2:
            case ISTORE_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ISTORE_0;
                code[pc+0] = ISTORE;
                break;

            case ASTORE_0:
            case ASTORE_1:
            case ASTORE_2:
            case ASTORE_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ASTORE_0;
                code[pc+0] = ASTORE;
                break;

            case ICONST_M1:
                insertSpace(code, &codelen, pc, 2);
                align += 2;
                code[pc+2] = 255;
                code[pc+1] = 255;
                code[pc+0] = SIPUSH;
                break;

            case ICONST_0:
            case ICONST_1:
            case ICONST_2:
            case ICONST_3:
            case ICONST_4:
            case ICONST_5:
                insertSpace(code, &codelen, pc, 2);
                align += 2;
                code[pc+2] = code[pc] - ICONST_0;
                code[pc+1] = 0;
                code[pc+0] = SIPUSH;
                break;

            case LDC1:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = 0;
                code[pc+0] = LDC2;
                break;

            case BIPUSH:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                /* Sign-extend the 8-bit operand into the new high byte */
                if ((int8)code[pc+2] >= 0) {
                    code[pc+1] = 0;
                }
                else {
                    code[pc+1] = 255;
                }
                code[pc+0] = SIPUSH;
                break;

            case INT2SHORT:
                removeSpace(code, &codelen, pc, 1);
                align -= 1;
                npc = pc;
                continue;
            }
        }
        else if (codeinfo[code[pc]].valid == 4 || codeinfo[code[pc]].valid == 5) {
            /* Switches are aligned to 4 byte boundaries. Since we are inserting and
             * removing bytecodes, this may change the alignment of switch instructions.
             * Therefore, we must readjust the padding in switches to compensate.
             */
            opad = (4 - (((pc+1) - align) % 4)) % 4; /* Current switch padding */
            npad = (4 - ((pc+1) % 4)) % 4; /* New switch padding */
            if (npad > opad) {
                insertSpace(code, &codelen, pc+1, npad - opad);
                align += (npad - opad);
            }
            else if (npad < opad) {
                removeSpace(code, &codelen, pc+1, opad - npad);
                align -= (opad - npad);
            }
        }
        npc = nextPC(pc, code);
    }
#endif

    /* Relink constants */
    for (pc = 0; pc < codelen; pc = npc) {
        npc = nextPC(pc, code);
        i = (uint16)((code[pc+1] << 8) + code[pc+2]);
        switch (code[pc]) {
        case LDC2:
            /* 'i' general index */
            switch (cItem(i).type) {
            case CONSTANT_Integer:
                i = cItem(i).v.tint;
                code[pc] = SIPUSH;
break; 

case CONSTANT'S tring: 

i = buildStringlndex(i) ; 
break; 

default: 

error ("Unsupported loading of constant type"); 
break; 

} 

break; 

case NEW: 
case INSTANCEOF: 
case CHECKCAST: 

/* ' i' == class index V 
i - buildClassIndex(i) ; 
break; 

case GETFIELD: 
case PUTFIELD: 

/* 'i' == field index */ 



,'* i = buildFieldSignaturelndexf i) ; * ' 
i = buildStaticFieldSignaturelndex(i) ; 
break; 



case GETSTATIC: 
case PUTSTATIC: 

/* 'i' == field index */ 

i = buildStaticFieldSignaturelndex(i) ; 

break; 

case INVOKEVTRTUAL : 
case INVOKENONVIRTUAL: 
case INVOKESTATIC: 
case INVOKEINTERFACE : 

/* 'i' == method signature index */ 

i = buildSignaturelndex(i) ; 

break; 



/* Insert application constant reference V 
code(pc+l] = (i » 8) & OxFF; 
code{pc+2] = i & OxFF; 



#ifdef MODIFY_BYTECODE 
/* Translate codes V 

for (pc = 0; pc < codelen; pc = npc) { 
npc = nextPCtpc, code) ; 

code(pcJ = codein£o{code[pc] J . translation; 

) 

#endif 



/* Relink junps */ 

for (i ss 0; i < juntpPos; i++) { 
ape = jumpTable{i] .at; 
pc = jumpTableCi] . from? 
npc = jumpTable[i] . to - pc; 

codetapc+0] = (npc » 8) & OxFF; 
code [ ape +1] = npc & OxFF; 

> 

/* Fixup length */ 

imeth->external->code_length = codelen; 
imeth->esize = (SIZEOFMETHOD + codelen + 3} & 
APPENDIX E

Example Loading And Execution Control Program

public class Bootstrap {

    // Constants used throughout the program
    static final byte BUFFER_LENGTH         = 32;
    static final byte ACK_SIZE              = (byte)1;
    static final byte ACK_CODE              = (byte)0;
    static final byte OS_HEADER_SIZE        = (byte)0x10;
    static final byte GPOS_CREATE_FILE      = (byte)0xE0;
    static final byte ST_INVALID_CLASS      = (byte)0xC0;
    static final byte ST_INVALID_PARAMETER  = (byte)0xA0;
    static final byte ST_INS_NOT_SUPPORTED  = (byte)0xB0;
    static final byte ST_SUCCESS            = (byte)0x00;
    static final byte ISO_COMMAND_LENGTH    = (byte)5;
    static final byte ISO_READ_BINARY       = (byte)0xB0;
    static final byte ISO_UPDATE_BINARY     = (byte)0xD6;
    static final byte ISO_INIT_APPLICATION  = (byte)0xF2;
    static final byte ISO_VERIFY_KEY        = (byte)0x2A;
    static final byte ISO_SELECT_FILE       = (byte)0xA4;
    static final byte ISO_CLASS             = (byte)0xC0;
    static final byte ISO_APP_CLASS         = (byte)0xF0;

    public static void main() {
        byte pbuffer[] = new byte[ISO_COMMAND_LENGTH];
        byte dbuffer[] = new byte[BUFFER_LENGTH];
        byte ackByte[] = new byte[ACK_SIZE];
        //short fileId;
        short offset;
        byte bReturnStatus;

        // Initialize Communications
        _OS.SendATR();

        do {
            // Retrieve the command header
            _OS.GetMessage(pbuffer, ISO_COMMAND_LENGTH, ACK_CODE);

            // Verify class of the message - Only ISO + Application
            if ((pbuffer[0] != ISO_APP_CLASS)
                && (pbuffer[0] != ISO_CLASS)) {
                _OS.SendStatus(ST_INVALID_CLASS);
            }
            else {
                // go through the switch
                // Send the acknowledge code
                // Verify if data length too large
                // (a Java byte is signed, so lengths 0x80..0xFF arrive as
                // negative values and must be rejected as well)
                if (pbuffer[4] < 0 || pbuffer[4] > BUFFER_LENGTH) {
                    bReturnStatus = ST_INVALID_PARAMETER;
                }
                else
                {
                    switch (pbuffer[1]) {
                    case ISO_SELECT_FILE:
                        // we always assume that length is 2
                        if (pbuffer[4] != 2) {
                            bReturnStatus = ST_INVALID_PARAMETER;
                        }
                        else
                        {
                            // get the fileId (offset) in the data buffer
                            _OS.GetMessage(dbuffer, (byte)2, pbuffer[1]);
                            // cast dbuffer[0..1] into a short
                            offset = (short)((dbuffer[0] << 8) | (dbuffer[1] & 0x00FF));
                            bReturnStatus = _OS.SelectFile(offset);
                        }
                        break;

                    case ISO_VERIFY_KEY:
                        // Get the Key from the terminal
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        bReturnStatus = _OS.VerifyKey(pbuffer[3],
                                                      dbuffer,
                                                      pbuffer[4]);
                        break;

                    case ISO_INIT_APPLICATION:
                        // Should send the id of a valid program file
                        _OS.GetMessage(dbuffer, (byte)1, pbuffer[1]);
                        // compute fileId (offset) from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        bReturnStatus = _OS.Execute(offset,
                                                    dbuffer[0]);
                        break;

                    case GPOS_CREATE_FILE:
                        if (pbuffer[4] != OS_HEADER_SIZE) {
                            bReturnStatus = ST_INVALID_PARAMETER;
                            break;
                        }
                        // Receive the data
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        bReturnStatus = _OS.CreateFile(dbuffer);
                        break;

                    case ISO_UPDATE_BINARY:
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        // compute offset from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        // assumes that a file is already selected
                        bReturnStatus = _OS.WriteBinaryFile(offset,
                                                            pbuffer[4],
                                                            dbuffer);
                        break;

                    case ISO_READ_BINARY:
                        // compute offset from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        // assumes that a file is already selected
                        bReturnStatus = _OS.ReadBinaryFile(offset,
                                                           pbuffer[4],
                                                           dbuffer);
                        // Send the data if successful
                        ackByte[0] = pbuffer[1];
                        if (bReturnStatus == ST_SUCCESS) {
                            _OS.SendMessage(ackByte, ACK_SIZE);
                            _OS.SendMessage(dbuffer, pbuffer[4]);
                        }
                        break;

                    default:
                        bReturnStatus = ST_INS_NOT_SUPPORTED;
                    }
                }
                _OS.SendStatus(bReturnStatus);
            }
        }
        while (true);
    }
}


APPENDIX F

"EXPRESS MAIL" Mailing Label Number EI267842785US

Date of Deposit October 24, 1997

I hereby certify under 37 CFR 1.10 that this correspondence is being
deposited with the United States Postal Service as "Express Mail
Post Office To Addressee" with sufficient postage on the date
indicated above and is addressed to the Assistant Commissioner for
Patents, Washington, D.C. 20231.

Tina Grimstead-Campbell

Methods For Accessing Card Operating System Capabilities In
The Preferred Embodiment

public class _OS {

    static native byte  SelectFile           (short file_id);
    static native byte  SelectParent         ();
    static native byte  SelectCD             ();
    static native byte  SelectRoot           ();
    static native byte  CreateFile           (byte file_hdr[]);
    static native byte  DeleteFile           (short file_id);

    // General File Manipulation
    static native byte  ResetFile            ();
    static native byte  ReadByte             (byte offset);
    static native short ReadWord             (byte offset);

    // Header Manipulation
    static native byte  GetFileInfo          (byte file_hdr[]);

    // Binary File support
    static native byte  ReadBinaryFile       (short offset,
                                              byte data_length,
                                              byte buffer[]);
    static native byte  WriteBinaryFile      (short offset,
                                              byte data_length,
                                              byte buffer[]);

    // Record File support
    static native byte  SelectRecord         (byte record_nb,
                                              byte mode);
    static native byte  NextRecord           ();
    static native byte  PreviousRecord       ();
    static native byte  ReadRecord           (byte record_data[],
                                              byte record_nb,
                                              byte offset,
                                              byte length);
    static native byte  WriteRecord          (byte buffer[],
                                              byte record_nb,
                                              byte offset,
                                              byte length);

    // Cyclic File Support
    static native byte  LastUpdatedRec       ();

    // Messaging Functions
    static native byte  GetMessage           (byte buffer[],
                                              byte expected_length,
                                              byte ack_code);
    static native byte  SendMessage          (byte buffer[],
                                              byte data_length);
    static native byte  SetSpeed             (byte speed);

    // Identity Management
    static native byte  CheckAccess          (byte ac_action);
    static native byte  VerifyKey            (byte key_number,
                                              byte key_buffer[],
                                              byte key_length);
    static native byte  VerifyCHV            (byte CHV_number,
                                              byte CHV_buffer[],
                                              byte unblock_flag);
    static native byte  ModifyCHV            (byte CHV_number,
                                              byte old_CHV_buffer[],
                                              byte new_CHV_buffer[],
                                              byte unblock_flag);
    static native byte  GetFileStatus        ();
    static native byte  SetFileStatus        (byte file_status);
    static native byte  GrantSupervisorMode  ();
    static native byte  RevokeSupervisorMode ();
    static native byte  SetFileACL           (byte file_acl[]);
    static native byte  GetFileACL           (byte file_acl[]);

    // File context manipulation
    static native void  InitFileStatus       ();
    static native void  BackupFileStatus     ();
    static native void  RestoreFileStatus    ();

    // Utilities
    static native byte  CompareBuffer        (byte pattern_length,
                                              byte buffer_1[],
                                              byte buffer_2[]);
    static native short AvailableMemory      ();
    static native void  ResetCard            (byte mode);
    static native byte  SendATR              ();
    static native byte  SetDefaultATR        (byte buffer[],
                                              byte length);
    static native byte  Execute              (short file_id,
                                              byte flag);

    // Global state variable functions
    static native byte  GetIdentity          ();
    static native byte  GetRecordNb          ();
    static native short GetApplicationId     ();
    static native byte  GetRecordLength      ();
    static native byte  GetFileType          ();
    static native short GetFileLength        ();
    static native void  SendStatus           (byte status);
}
APPENDIX G

Byte Code Attributes Tables

Dividing Java byte codes into type groups

Each bytecode is assigned a 5 bit type associated with it. This is used to group the codes into similarly behaving
sets. In general this behaviour reflects how the types of byte codes operate on the stack, but types 0, 13, 14, and 15
reflect specific kinds of instructions as denoted in the comments section.

The table below illustrates the state of the stack before and after each type of instruction is executed.

Type  Before execution      After execution  Comment

0                                            Illegal instruction
1     stk0==int stk1==int   pop(1)
2     stk0==int             pop(1)
3     stk0==int stk1==int   pop(2)
4
5     push(1)
6     stk0==int stk1==int   pop(3)
7     stk0==int             pop(1)
8     stk0==ref             pop(1)
9     stk0==int             pop(1)
10    push(1)               stk0<-int
11    push(1)               stk0<-ref
12    stk0==ref             stk0<-int
13                                           DUPs, SWAP instructions
14                                           INVOKE instructions
15                                           FIELDS instructions
16                          stk0<-ref



Using Standard Java Byte Code (without reordering) - Attribute Lookup Table 



/*
 * Table of bytecode decode information. This contains a bytecode type
 * and a bytecode length. We currently support all standard bytecodes
 * (ie. no quicks) which gives us codes 0 to 201 (202 codes in all).
 */

#define T_      0
#define T3      1
#define T6      2
#define T1      3
#define T2      4
#define T7      5
#define T9      6
#define T8      7
#define T12     8
#define T10     9
#define T5      10
#define T11     11
#define T16     12
#define T4      13
#define T13     14
#define T14     15
#define T15     16

#define D(T,L)                          _BUILD_ITYPE_AND_ILENGTH(T,L)
#define _BUILD_ITYPE_AND_ILENGTH(T,L)   (_BUILD_ITYPE(T) | _BUILD_ILENGTH(L))
#define _BUILD_ITYPE(T)                 ((T) << 3)
#define _BUILD_ILENGTH(L)               (L)
#define _GET_ITYPE(I)                   ((I) & 0xF8)
#define _GET_ILENGTH(I)                 ((I) & 0x07)



const uint8 _SCODE _decodeinf o(256] = { 





T4 , 


1 


) , 


/* 


NOP 


*/ 


D{ 


Til , 


1 


) , 


/* 


ACONST_NULL 


*/ 


D{ 


T10 , 


1 


) , 


/* 


ICONST_Ml 


*/ 


D( 


T10 , 


1 


) , 


/* 


IC0NST_0 


*/ 


D( 


T10 , 


, 1 


> , 


/* 


ICONST_l 


*/ 


D{ 


T10 , 


, 1 


) , 


/* 


ICONST_2 


*/ 


D( 


T10 , 


, 1 


) , 


/* 


ICONST_3 


*/ 


D( 


T10 , 


, 1 


) , 


/* 


ICONST_4 


*/ 


D( 


T10 , 


, 1 


) , 


/* 


ICONST_5 


V 


D( 


T_ , 


, 1 


) , 








D( 


T_ , 


, 1 


) , 








D( 


T_ 


r 1 


) , 








D( 


T_ , 


, 1 


) , 








D( 


T_ , 


, 1 


) , 








D{ 


T_ , 


, 1 


) , 








D( 


T_ 


, 1 


) , 








D( 


T10 


, 2 


) , 


/* 


BIPUSH 


*/ 


D< 


T10 


, 3 


) , 


/* 


SIPUSH 


*/ 


D( 


T_ 


r 2 


>, 


/* 


LDC1 


*/ 


D{ 


Til 


, 3 


), 


/* 


LDC2 


*/ 


D{ 


T_ 


, 3 


) , 








D{ 


T5 


, 2 


) , 


/* 


ILOAD 


*/ 


D{ 


T_ 


, 2 


) , 








D( 


T„ 


, 2 


), 








D< 


T_ 


, 2 


) , 








D( 


T5 


, 2 


>, 


/* 


ALOAD 


*/ 


D( 


T5 


, 1 


) , 


/* 


ILOAD_0 


*/ 


D( 


T5 


, 1 


) , 


/* 


ILOAEL1 


*/ 


D( 


T5 


, 1 


) ■ 


/* 


ILOAD_2 


*/ 


D{ 


T5 


, 1 


> , 


/* 


IL0AD_3 


*/ 


D( 


T_ 


, 1 


) , 








D( 


T_ 


, 1 


), 








D( 


T_ 


, 1 


) , 








D( 


T_ 


, 1 


) , 








D( 


T_ 


, 1 


) , 








D{ 


T_ 


, 1 


> , 









Hi 



D( T_ , 


1 ), 






D( T_ ( 


1 ), 






D{ T_ , 


I ), 






D( T_ , 


1 ) , 






D( T_ , 


1 ) , 






D{ T_ , 


1 ), 






D{ T5 ( 


i ) , 


/* ALOAEM) 


*/ 


D( T5 , 


1 >, 


/* ALOAD_l 


*/ 


D( T5 , 


1 ), 


/* ALOAD_2 


V 


D( T5 , 


1 ) , 


/* ALOAD_3 


V 


D< T_ , 


1 ) , 


/* IALOAD 


*/ 


D( T_ , 


1 ) , 






D( T_ , 


1 >, 






D{ T_ , 


1 >, 






D( T_ , 


1 ), 


/* AALOAD 


*/ 


D( T7 , 


1 ) , 


/* BALOAD 


*/ 


D( T_ , 


1 ) , 


/* CALOAD 


*/ 


D( T7 , 


1 ) , 


/* SALOAD 


*/ 


D( T2 


2 ) , 


/* ISTORE 


*/ 


D( T_ , 


2 ) , 






D{ T_ , 


2 ) , 






D{ T_ , 


2 ) , 






D( T8 , 


2 } , 


/* ASTORE 


*/ 


D( T2 


1 ) , 


/* ISTORE_0 


*/ 


D( T2 


1 > , 


/* ISTORE_l 


*/ 


D{ T2 


1 ) f 


/* ISTORE_2 


*/ 


D{ T2 


1 ) , 


/* ISTORE_3 


*/ 


D{ T_ , 


1 ) , 






D( T_ , 


1 ) , 






D( T_ 


1 ) , 






D{ T_ 


1 ) , 






D{ T__ 


X ) , 






D( T 


1 \ 






D( T_ 


\ ) , 








1 > 






D t T 


1 I 






n < t 








D( T_ 


t 1 ) f 






D( T_ 


, I ) , 






D( T8 


, 1 > , 


/* ASTORE_0 


*/ 


D{ T8 


, 1 ) , 


/* ASTGRE_1 


*/ 


D ( T8 


, 1 ) , 


/* ASTORE_2 


*/ 


D( T8 


, 1 ) , 


/* ASTORE_3 


*/ 


D( T_ 


, 1 ) / 


/* IASTORE 


*/ 


D( T_ 


, 1 ) , 






D{ T_ 


, 1 ) , 






D( T_ 


, 1 ) , 






D( T_ 


, 1 ) , 


/* AASTORE 


*/ 


D( T6 


, 1 ) , 


/* BASTORE 


*/ 


D( T_ 


, 1 ) # 


/* CASTORE 


*/ 


D( T6 


, 1 ) * 


/* SASTORE 


*/ 


D( T2 


, 1 ) , 


/* POP 


*/ 


D( T3 


. 1 ) , 


/* POP2 


*/ 


D( T13 


, 1 ) , 


/* DUP 


V 


D( T13 


, 1 ) , 


/* DUP_X1 


*/ 


D( T13 


, 1 ), 


/* DUP_X2 


*/ 


D( T13 


, 1 ), 


/* DUP 2 


*/ 


D( T13 


, 1 >, 


/* DUP2_X1 


*/ 


D( T13 


, 1 >, 


/* DUP2_X2 


*/ 


D( T13 


, 1 ), 


/* SWAP 


*/ 


D( Tl 


, 1 >, 


/* I ADD 


•/ 


D( T_ 


, 1 ), 






D( T_ 


, 1 ), 






D( Tl 


, 1 >, 






D( T_ 


, 1 ), 


/* ISUB 


*/ 


D( T_ 


, 1 J, 






D( T_ 


, 1 ), 






D( T_ 


, 1 >, 






D( Tl 


, I ) , 


/* IMUL 


*/ 


D( T_ 


, 1 ), 






D{ T_ 


, 1 ) , 







D{ T_ , 


1 } 










D{ Tl ( 


i_ ] 




/* 




*/ 


D( T_ 


1 ) 










D( T__ 


1 ) 










D( T_ 


1 ) 










D( Tl 


1 ) 




/* 


I REM 


*/ 


D{ T_ 


1 ) 










D< T_ 


1 ) 










D( T_ 


1 ) 










D( T9 


1 ) 




/* 


INEG 


*/ 


D( T_ 


, 1 ) 










D( T_ 


1 ) 










D( T_ 


, 1 ) 










D( Tl 


, 1 ) 




/* 


ISHL 


*/ 


D( T_ 


, 1 J 










D( Tl 


, I I 




/* 


ISHR 


V 


D( T_ 


, 1 ) 










D( Tl 


, 1 ) 




/* 


IUSHR 


*/ 


D{ T_ 


, 1 ) 










D( Tl 


, 1 ) 




/* 


IAND 


*/ 


D( T_ 


, 1 ) 










D( Tl 


, 1 ) 




/* 


IOR 


*/ 


D( T_ 


, 1 ) 










D( Tl 


, 1 ) 




/* 


IXOR 


*/ 


D( T__ 


, 1 










D( T4 


, 3 




/* 


I INC 


*/ 


D( T_ 


, 1 










D( T_ 


, 1 










D( T__ 


, 1 










D( T_ 


, 1 










D( T_ 


, 1 










D( T_ 


, 1 










D( T_ 


, 1 










D( T_ 


, 1 


1 » 








D< T_ 


, 1 


1 , 








D( T_ 


, 1 


\ , 








D( T_ 


, 1 


1 , 








D( T_ 


, 1 


1 , 








D( T9 


, 1 


' t 


/* 


INT2BYTE 


*/ 


D( T9 


, 1 


) , 


/* 


INT2CHAR 


*/ 


D( T_ 


, 1 


) , 


/* 


INT2 SHORT 


*/ 


D( T_ 


, 1 


/ t 








D( T_ 


, 1 


) . 








D( T_ 


, 1 


) , 








D( T_ 


, 1 


) , 








D( T_ 


, 1 


) / 








D{ T2 


, 3 


' t 


/* 


IFEQ 


*/ 


D( T2 


, 3 


) , 


/* 


IFNE 


V 


D( T2 


, 3 


) , 


/* 


IFLT 


*/ 


D< T2 


, 3 


) , 


/* 


IFGE 


*/ 


D( T2 


, 3 


) , 


/* 


IFGT 


*/ 


D( T2 


, 3 




/* 


IFLT 


V 


D< T3 


, 3 


) / 


/* 


IF_ICMPEQ 


V 


D( T3 


, 3 


) > 


/* 


IF_ICMPNE 


*/ 


D( T3 


, 3 


) ' 


/* 


IF_ICMPLT 


*/ 


D( T3 


, 3 


) ' 


/* 


IF_ICMPGE 


*/ 


D( T3 


, 3 




/* 


IF_ICMPGT 


*/ 


D( T3 


, 3 


) ' 


/* 


IF_ICMPLE 


V 


D( T3 


, 3 




/* 


IF_ACMPEQ 


*/ 


D( T3 


, 3 




/* 


IF_ACMPNE 


*/ 


D( T4 


, 3 


> ' 


/* 


GOTO 


*/ 


D{ T_ 


, 3 


> t 


/* 


JSR 


V 


D( T_ 


, 2 


) ' 


/* 


RET 


*/ 


D( T2 


r 0 




/* 


TABLESWITCH 


*/ 


D( T2 


, o 




/* 


LOOKUPSWITCH*/ 


D< T2 


, 1 




/* 


IRETURN 


*/ 


D( T_ 


, 1 










D( T_ 


, 1 










D( T_ 


, 1 










D( T8 


, 1 




/* 


ARETURN 


*/ 


D( T4 


, 1 




/* 


RETURN 


V 



D{ T15 , 






/* 


GET STATIC * / 


D{ T15 , 


3 ) 




/* 


PUTSTATIC * / 


D{ T15 , 


3 ) 




/* 


GETFIELD */ 


D( T15 , 


3 ) 




/ * 


PUTFIELD "/ 


D( T14 , 


3 ) 




/* 


INVOKEVIRTUAL */ 


D( T14 , 


3 ) 




/* 


INVOKESPECIAL */ 


D( T14 , 


3 ) 




/* 


INVOKESTATIC *' 


D( T14 , 


5 ) 




/* 


INVOKE INT ERF ACE */ 


D( T_ , 


1 } 








D( Til 


3 ) 




/* 


NEW */ 


D{ T16 


2 ) 




/* 


NEWARRAY */ 


D{ T_ 


3 ) 








D( T12 


1 ) 




/* 


ARRAYLENGTH */ 


D{ T8 


1 ] 




/* 


ATHROW */ 


D( T16 


3 1 




/* 


CHECKCAST */ 


D( T12 


r 3 ) 




/* 


INSTANCEOF */ 


D( T_ 


, 1 ) 








D( T_ 


, 1 ) 








D( T_ 


, 1 ) 








D( T_ 


, 4 ) 








D( T8 


, 3 ) 




/* 


IFNULL */ 


D( T8 


, 3 ) 




/* 


IFNONNULL */ 


D{ T_ 


, 5 ] 








D( T_ 


, 5 ] 








D{ T_ 


, 1 








D( T_ 


, l 








D{ T_ 


t l 








D( T_ 


, 1 








D( T_ 


, 1 








D( T 


1 


r 






D ( «j 


1 


* 






D( T 










D( T_ 


, i 








D( T 










D( T_ 
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n r t 
w \ 1 


1 








D ( T_ 


t x 








D( T_ 


1 


i t 






D( T_ 


, 1 








D( T_ 


t 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D{ T_ 


, 1 








D{ T_ 


, 1 








D{ T„ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T_ 


, 1 








D( T__ 


, 1 
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D( T_ 
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D( T_ 


, 1 








D{ T_ 


, 1 








D{ T_ 
APPENDIX H

Checks Done On Java Byte Codes By Type

Decoding the instruction. This gives us the length to generate the next PC, and the instruction type:

pcarg1 = _GET_ILENGTH(_decodeinfo[insn]);
itype = _GET_ITYPE(_decodeinfo[insn]);

Implement some pre-execution checks based on this:

/* Check the input stack state based on the instruction type */
if (itype <= ITYPE9) {
    if (itype <= ITYPE1) {
        check_stack_int(1);
    }
    check_stack_int(0);
}
else if (itype <= ITYPE12) {
    check_stack_ref(0);
}
else if (itype <= ITYPE11) {
    push(1);
}

Finally, implement some post execution checks:

/* Set the output state */
if (itype <= ITYPE8) {
    if (itype <= ITYPE6) {
        if (itype >= ITYPE6) {
            pop(1);
        }
        pop(1);
    }
    pop(1);
}
else if (itype <= ITYPE10) {
    set_stack_int(0);
}
else if (itype >= ITYPE11 && itype <= ITYPE16) {
    set_stack_ref(0);
}
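
The type/length packing of Appendix G and the grouped checks of Appendix H can be exercised together on a few short byte sequences. The block below is an added example, not code from the patent: the tagged stack, the cut-down five-opcode table, the bounds checks and the names `first_rejected`, `slot_is`, `info_for` and `ITYPE()` are assumptions made for illustration, with `ITYPE(Tn)` taken to be the type number in its shifted form so that it compares directly with `_GET_ITYPE`.

```c
#include <stddef.h>
#include <stdint.h>

/* Type numbers and packing macros as listed in Appendix G. */
enum { T_, T3, T6, T1, T2, T7, T9, T8, T12, T10, T5, T11, T16, T4, T13, T14, T15 };
#define BUILD_ITYPE(T)  ((T) << 3)
#define D(T, L)         (BUILD_ITYPE(T) | (L))
#define GET_ITYPE(I)    ((I) & 0xF8)
#define GET_ILENGTH(I)  ((I) & 0x07)
/* Assumption: ITYPEn is the shifted type number, comparable to GET_ITYPE(). */
#define ITYPE(T)        BUILD_ITYPE(T)

enum { K_NONE, K_INT, K_REF };              /* kind tag kept per stack slot */
#define MAX_STACK 16
typedef struct { uint8_t kind[MAX_STACK]; int depth; } tstack;

/* Is the slot n below the top of stack present and of kind k? */
static int slot_is(const tstack *s, int n, int k) {
    return s->depth > n && s->kind[s->depth - 1 - n] == k;
}

/* Decode info for the opcodes used here, values as in the lookup table.
 * Every other opcode is treated as type T_ (illegal) in this cut-down table. */
static uint8_t info_for(uint8_t op) {
    switch (op) {
    case 0x01: return D(T11, 1);    /* ACONST_NULL */
    case 0x11: return D(T10, 3);    /* SIPUSH */
    case 0x57: return D(T2, 1);     /* POP */
    case 0x60: return D(T1, 1);     /* IADD */
    case 0xBE: return D(T12, 1);    /* ARRAYLENGTH */
    default:   return D(T_, 0);
    }
}

/* Walk the code applying the pre/post checks grouped as in Appendix H.
 * Returns -1 if every instruction passes, otherwise the pc of the first
 * instruction that is rejected. */
long first_rejected(const uint8_t *code, size_t len) {
    tstack s = { {0}, 0 };
    size_t pc = 0;
    while (pc < len) {
        uint8_t info = info_for(code[pc]);
        int itype = GET_ITYPE(info), ilen = GET_ILENGTH(info);

        /* Illegal type, or operands running past the end of the code. */
        if (itype == ITYPE(T_) || ilen == 0 || (size_t)ilen > len - pc)
            return (long)pc;

        /* Pre-execution: what must already be on the stack. */
        if (itype <= ITYPE(T9)) {
            if (itype <= ITYPE(T1) && !slot_is(&s, 1, K_INT)) return (long)pc;
            if (!slot_is(&s, 0, K_INT)) return (long)pc;
        } else if (itype <= ITYPE(T12)) {
            if (!slot_is(&s, 0, K_REF)) return (long)pc;
        } else if (itype <= ITYPE(T11)) {
            if (s.depth == MAX_STACK) return (long)pc;
            s.kind[s.depth++] = K_NONE;         /* push(1) */
        }

        /* Post-execution: pops, then the kind left on top of the stack. */
        if (itype <= ITYPE(T8)) {
            int pops = 1;
            if (itype <= ITYPE(T6)) pops += (itype >= ITYPE(T6)) ? 2 : 1;
            if (s.depth < pops) return (long)pc;
            s.depth -= pops;
        } else if (itype <= ITYPE(T10)) {
            if (s.depth == 0) return (long)pc;
            s.kind[s.depth - 1] = K_INT;        /* set_stack_int(0) */
        } else if (itype >= ITYPE(T11) && itype <= ITYPE(T16)) {
            if (s.depth == 0) return (long)pc;
            s.kind[s.depth - 1] = K_REF;        /* set_stack_ref(0) */
        }
        pc += (size_t)ilen;
    }
    return -1;
}
```

Because the types are numbered so that each check covers a contiguous range, a reference left where IADD expects an int is caught with two comparisons and no per-opcode switch.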
APPENDIX I

Checks Done On Renumbered Java Byte Codes

Get the instruction. The numeric value of the instruction implicitly contains the instruction type:

insn = getpc(-1);

Implement some pre-execution checks based on this:

/*
 * Check input stack state. By renumbering the byte codes we can
 * perform the necessary security checks by testing if the value of the
 * byte code (and hence the byte code) belongs to the correct group
 */
if (insn <= TYPE9_END) {
    if (insn <= TYPE1_END) {
        check_stack_int(1);
    }
    check_stack_int(0);
}
else if (insn <= TYPE12_END) {
    check_stack_ref(0);
}
else if (insn <= TYPE11_END) {
    push(1);
}

Finally, implement some post execution checks:

/*
 * Set output stack state.
 */
if (insn <= TYPE8_END) {
    if (insn <= TYPE6_END) {
        if (insn >= TYPE6_START) {
            pop(1);
        }
        pop(1);
    }
    pop(1);
}
else if (insn <= TYPE10_END) {
    set_stack_int(0);
}
else if (insn >= TYPE11_START && insn <= TYPE16_END) {
    set_stack_ref(0);
}

Reordering of supported Java byte codes by type

/* TYPE 3 */
#define s_POP2              0
#define s_IF_ICMPEQ         1
#define s_IF_ICMPNE         2
#define s_IF_ICMPLT         3
#define s_IF_ICMPGE         4
#define s_IF_ICMPGT         5
#define s_IF_ICMPLE         6
#define s_IF_ACMPEQ         7
#define s_IF_ACMPNE         8

/* TYPE 6 */
#define TYPE6_START         9
#define s_SASTORE           9
#define s_AASTORE           10
#define s_BASTORE           11
#define TYPE6_END           12

/* TYPE 1 */
#define s_IADD              13
#define s_ISUB              14
#define s_IMUL              15
#define s_IDIV              16
#define s_IREM              17
#define s_ISHL              18
#define s_ISHR              19
#define s_IUSHR             20
#define s_IAND              21
#define s_IOR               22
#define s_IXOR              23
#define TYPE1_END           23

/* TYPE 2 */
#define s_ISTORE            24
#define s_POP               25
#define s_IFEQ              26
#define s_IFNE              27
#define s_IFLT              28
#define s_IFGE              29
#define s_IFGT              30
#define s_IFLE              31
#define s_TABLESWITCH       32
#define s_LOOKUPSWITCH      33
#define s_IRETURN           34

/* TYPE 7 */
#define s_SALOAD            35
#define s_AALOAD            36
#define s_BALOAD            37

/* TYPE 9 */
#define s_INEG              39
#define s_INT2BYTE          40
#define s_INT2CHAR          41
#define TYPE9_END           41

/* TYPE 8 */
#define s_ASTORE            42
#define s_ARETURN           43
#define s_ATHROW            44
#define s_IFNULL            45
#define s_IFNONNULL         46
#define TYPE8_END           46

/* TYPE 12 */
#define s_ARRAYLENGTH       47
#define s_INSTANCEOF        48
#define TYPE12_END          48

/* TYPE 10 */
#define s_SIPUSH            49
#define TYPE10_END          49

/* TYPE 5 */
#define s_ILOAD             50
#define s_ALOAD             51

/* TYPE 11 */
#define TYPE11_START        52
#define s_ACONST_NULL       52
#define s_LDC2              53
#define s_JSR               54
#define s_NEW               55
#define TYPE11_END          55

/* TYPE 16 */
#define s_NEWARRAY          56
#define s_CHECKCAST         57
#define TYPE16_END          57

/* TYPE 13 */
#define s_DUP               58
#define s_DUP_X1            59
#define s_DUP_X2            60
#define s_DUP2              61
#define s_DUP2_X1           62
#define s_DUP2_X2           63
#define s_SWAP              64

/* TYPE 14 */
#define s_INVOKEVIRTUAL     65  /* 01000001 */
#define s_INVOKENONVIRTUAL  66  /* 01000010 */
#define s_INVOKESTATIC      67  /* 01000011 */
#define s_INVOKEINTERFACE   68  /* 01000100 */

/* TYPE 15 */
#define s_GETSTATIC         69
#define s_PUTSTATIC         70
#define s_GETFIELD          71
#define s_PUTFIELD          72

/* TYPE 4 */
#define s_NOP               73
#define s_IINC              74
#define s_GOTO              75
#define s_RET               76
#define s_RETURN            77



